How Mail Encryption works

E-mail encryption ensures secure transmission of a message between sender and recipient. An unencrypted e-mail can be read by attackers at any node of a network. This is prevented by the encryption. The characters of the e-mail are changed and made illegible with the help of a key.

Symmetric and asymmetric encryption

In the symmetrical method, the transmitter and receiver use the same key. The main disadvantage is that it must be transmitted between both parties and can be readif the transmission is electronic. Therefore, this method is rarely used today.

As asymmetric methods require more computing effort, the sender and receiver have different keys, one of which is only suitable for encrypting, the other only for decrypting the message. Both are independent and cannot be derived from each other.

How the asymmetric method works

When a message is transmitted using this procedure, both keys are generated together by the recipient as a key pair. One of them, the “private key“, is secret and remains with the recipient. The other, the “public key“, can be transmitted without security concerns to the sender, who uses it to encrypt the message. The recipient decrypts the message with his “private key”. Since the encrypted message cannot be decrypted with the “public key”, the procedure solves the transmission problem of symmetric encryption.

Additional security is guaranteed by an e-mail signature. For this purpose, the sender generates a key pair, encrypts its own signature with its “private key” and transmits the corresponding “public key” to the recipient. The recipient decrypts the signature and can verify the authenticity of the sender.

OpenPGP and GnuPG

One of the first popular programs for asymmetric encryption was Pretty Good Privacy (PGP), developed in 1991. GNU Privacy Guard (GnuPG) is an open source version of PGP that is widely used today in security-critical environments and is also recommended for home users. GnuPG is available for all common operating systems and can be conveniently operated via programs with a graphical interface.

GnuPG uses the OpenPGP standard, which combines the security of asymmetric encryption with the speed of symmetrical encryption. Not the e-mail itself, but a symmetric key, the session key, is encrypted using the asymmetric method. The session key is used to encrypt and decrypt the email, and then discarded. Since the session key is comparatively short, OpenPGP can also be used to securely transmit long messages with little computing effort.

An example

An entrepreneur sends confidential documents to a supplier. The vendor has a key pair of “private key” and “public key”. The entrepreneur generates a session key and requests the supplier’s public key to encrypt the session key and send it to the supplier. The supplier decrypts the session key with his “private key”. The entrepreneur then encrypts the e-mail using the session key that the supplier also uses to decrypt the message.